Due to a lack of time - I will only be doing minimal maintenace.
No planned future updates for the time being
git clone --recursive https://github.com/whiterabb17/sifter
To clone with all plugins
ββββββ βββ βββββββββββββββββββββ ββββββ
βββ β βββββββ β β βββ ββββ β βββ β βββ
β ββββ βββββββββ β β ββββ ββββββ βββ βββ β
β βββββββββββ β β ββββ β βββ β βββββββ
βββ βββ βββ βββββββββββββββββ ββββ β βββββββββββ ββββ βββ βββ βββ
βββ βββ βββ β βββ β βββ β β β ββ ββ ββ ββ ββ ββββ βββ βββ βββ
ββ ββ ββ β ββ β β β β β β β β β ββ β ββ ββ ββ ββ
β β β β β β β β β β β β ββ β β β β
β β β β β β β β β β β
β β β β β β
β β ββ β ββ β βββ β βββββ βββ s1l3nt78 | whiterabb17
β β ββ β ββ β ββ β β ββ β ββ β The Dead Bunny Collective
β β ββ β ββ β ββ β β ββ β ββ β Because enumeration is key
@Codename: Sapphire
@Version : 12.6
# Released Extensions
- G - Sifter's g extension gives a GUI overlayβ '--> Built on top of eDEX-UI
- F - Sifter's f extension provides the DanderFuzz Exploitational Plugin for Sifter
β '--> Framework created by the EquationGroup courtesy of The Shadow Brokers
- M - Sifter's m extension provided malware analysis tools.
- C - Sifter's c extension is just a small script allowing CobaltStrike to be added to exploitation frameworks.
ββ (A copy of CobaltStrike will NOT be provided, You must provide your own)
#__ Version: 12.6 _|_ Sapphire __#
- PhoneInfoga - Advanced information gathering & OSINT framework for phone numbers
- Infoga - Advanced information gathering & OSINT framework for singular/domain eMail addresses
- Typing info into any menu will bring up the Module Information Screen.
- Typing session into any menu will start a new Sifter session to run concurrently.
- All Results can now be exported to Desktop and a backup zip package is created and time stamped.
[!] For oneliner install (source), copy and paste the following into a terminal:
*
$ git clone https://github.com/whiterabb17/sifter.git && cd sifter && bash install.sh
[!] To install Sifter with plugins run:
*
$ git clone --recursive https://github.com/whiterabb17/sifter; cd sifter; bash install.sh
Sifter is a fully stocked Op Centre for Pentesters. Made up of over 80 different tools. It combines a plethara of OSINT, recon and vulnerability analysis tools within catagorized modsets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the 'blue' vulnerabilities within microsoft and if unpatched, exploit them. It uses tools like blackwidow and konan for webdir enumeration and attack surface mapping rapidly using ASM.
Gathered info is saved to the results folder, these output files can be easily parsed over to TigerShark in order to be utilised within your campaign. Or compiled for a final report to wrap up a penetration test.
-----------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------
Working on: - Kali
- Parrot
- Ubuntu
- Linux (any distro)
- Windows (Linux Subsystem with Docker and VcXsrc or KeX)
Works on windows with linux-subsystem but please ensure docker is properly installed and configured,
following the instructions from docker website
Untested on mac, though theoretically the same should apply to mac as windows - regarding docker install & tools
[ ! ] Please do not run sifter or the install as ROOT user.
use a regular user and give permissions only when needed.
If a scan does not work correctly at first, remove web-protocol from target. eg:
- use target.com
- instead of https;//target.com
- Click to Expand
#Enterprise Information Gatherers
- theHarvester- Osmedeus
- ReconSpider
- Emagnet
- CredNinja
- OSINT-Framework - Infoga
#Targeted Information Gatherers
- Maryam- PhoneInfoga
- Seeker
- Sherlock
- E2P (Email2Phone)
- CardPwn
- iKy
- GHunt
#Microsoft Exploitation
- ActiveReign- iSpy
- SMBGhost
ββ-- SMBGhost Scanner
ββ-- SMBGhost Exploit
#Website Exploiters
- DDoSββ-- Dark-Star
ββ-- Impulse
ββ-- UFONet
- NekoBot
- xShock
- VulnX
#Post-Exploitation
- EoP Exploit (Privilege Escalation Exploit)- Potatoes
ββ-- BadPotato
ββ-- SweetPotato
- PEAS
ββ-- winPEAS
ββ-- linPEAS
- WinPwn
- CredHarvester
- PowerSharp
- ACLight2
- PowerHub
- InveighZero
#Exploitation Frameworks
+ DanderFuzz - Equation Group, Courtesy of the Shadow Brokersββ- FuzzBunch
ββ- Danderspritz
β(Provided by the F plugin.)
+ CobaltStrike
β (Provided by the C plugin.)
+ PHPSploit
+ Thoron
+ Metasploit
#Network Scanners
- nMap- WebMap
- AttackSurfaceMapper
- aSnip
- wafw00f
- Arp-Scan
- Espionage
- Intrigue-Core
- Responder
#Vulnerability Scanners
- Flan- Rapidscan
- Yuki-Chan
- Katana-VF (Vulnerability Framework)
- OWASP-Nettacker
- Big IP Remote Execution Scanner
- WeblogicScanner
- Vailyn
#Website Scanners & Enumerators
- Nikto- Blackwidow
- Blacknet
- Wordpress
ββ--- WPScan
ββ--- WPForce/Yertle
- Zeus-Scanner
- Dirb
- DorksEye
- Katana-DS (Dork Scanner)
#Operational Security & Threat Analysis
- EventCleaner- Threat Dragon
- TruffleSNout
- Snaffler
- Mitre-Attack Website
#Cross-Site Scripting & SQL Injection
- SQLinjectionββ--- WhiteWidow
ββ--- V3n0M-Scanner
- Cross-Site Scripting
ββ--- XSStrike
ββ--- finDOM-XSS
ββ--- XSS-Freak
#Web Mini-Games
- This was added in order to have a fun way to pass timeβduring the more time intensive modules.
βSuch as nMap Full Port scan or a RapidScan run.